Encryption of your data is managed through encryption policies. When you create a policy, you specify what database object (table, index, LOB, or Type I area) will be encrypted and the strength of the encryption cipher for the object. If you do not specify a cipher, the default, AES_CBC_128, is used. Creating a policy does not encrypt your existing data; it indicates that all future writes are encrypted. See Encrypt your existing data for instructions on encrypting your existing data.

Note:

The encryption policy for the database master key is called the encryption DB policy, for short. TDE DB policy management lets you change the database master key encryption policy while the database is running. For more information, see Online TDE DB policy management.

Encryption policies are created in several ways. See one of the following sections for more information. To create a policy with OpenEdge SQL, see OpenEdge SQL support for transparent data encryption.